- Organisation
- IT Office
- Steering documents IT
Steering documents IT
Here you will find information about the IT Office local steering documents.
Also possible to see the decisions in the linked PDF-documents, only in Swedish and not accessibility adapted.
IT-policy for Linnaeus University
Here you can see the decision document in swedish "IT-policy för Linnéuniversitetet" (PDF-document). Not accessibility adapted.
Account rules for Linnaeus University
This information is a translated and accessibility adapted version of the Swedish decision document “Kontoregler för Linnéuniversitetet”.
Decision on new account rules 2022-10-19 (swe).
NOTE! The text below is an exact copy from the decision document.
Here you can see the account rules document in its entirety (swe). (PDF-document).
Decided by: Peter Bergehamn, Head of the IT Office. Valid from: 2022-10-19. Diary number: 2022/3529-1.1.1.
Table of Contents
- About account rules
- General
- Contact persons for IT services - Account
- Staff account
- Guest account
- Function account
- Administrator account
- Service account
- External account
- Student account
About account rules
This document regulates the use of Linnaeus University's account service provided by the IT Office.
Special rules have been decided for Linnaeus University regarding e-mail rules and passwords, which are not included in this document.
General
An account is a work tool that is used for several services and must be used in accordance with Linnaeus University's current liability rules. In connection with the account owner gaining access to their account information, they commit to follow Linnaeus University's liability rules and also to stay up to date on these. In cases where the account owner cannot or has not approved the current rules and regulations, the IT Office has the right to close the account.
If a staff account is to be disabled in accordance with a decision made by the Personnel Liability Committee, the person's work-related accounts must be disabled.
Requests for access to a user's account must be submitted in writing to the IT Office from the head of department or department head at the respective department/department/unit, stating the reason for the request and the type of data for which access is required. The data is then handed over in person to the responsible manager, who is then responsible for ensuring that it is handled in accordance with applicable laws and regulations.
Contact persons for IT services - Account
At all of Linnaeus University's departments and units, the head of department has appointed contact persons for IT services.
The purpose of contact persons is for the IT Office to be able to channel important information about these services out to the business and ensure that orders received are anchored.
Decisions on changes of contact persons are made by the head of the department/unit concerned.
Staff account
All employed staff at Linnaeus University are entitled to a staff account during the entire period of employment, including during leave of absence. Ordering a staff account must be received from the IT Iffice's contact person for staff account or the head at the respective department/unit.
Period of validity - Staff account
You are entitled to a staff account from your first day of employment. If access to the account is required before the formal employment begins, it is decided by the IT Office's contact person for staff account or department head at the respective department/unit in consultation with the IT Office.
Employees have access to their staff account 7 days after termination of employment, or other date decided by the IT Office's contact person for staff accounts, the HR department or head of the department. After these 7 days, the account will be disabled in 358 days before removal.
Disable - Staff account
Before a staff account is disabled, the IT Office contacts the contact person with a request whether the account should be extended or disabled. If the account is to be disabled, the IT Office sends information to the account owner that the account will be disabled.
Before a staff account is disabled, the owner of the account is responsible for utilizing the data in the account.
Removal - Staff account
A staff account is deleted by the IT Office no earlier than 365 days after it has been deactivated, or another date determined by the IT Office's contact person for the staff account, the HR department or the head of the department. Deleting a staff account means that e-mail, personal file storage and cloud storage are also deleted. Deletion of a staff account cannot be undone.
Change of department - Staff account
If an employee changes department within the organization, it is the IT Office's contact person for staff account or department head of the department/unit who is responsible for notifying the IT Office if the department or other rights to services should be removed from the staff account.
Guest account
Temporary visitors who are not employed at Linnaeus University, such as guest lecturers, who need a network-connected university computer can gain access to a guest account.
A guest account can be ordered by all employed staff, the student union chairman and by the chairman of a student association at Linnaeus University.
The owner of a guest account should primarily be the guest but can also be the person who orders the account.
Period of validity - Guest account
Validity of a guest account is set to a maximum of 14 days. If a longer validity period is desired, it should be considered whether there is another type of account the guest should have or contacts the IT Office needs to be contacted, who in exceptional cases extends the validity period.
Disable - Guest account
Guest accounts are disabled when the account end date has passed.
Removal - Guest account
A guest account is deleted by the IT Office no earlier than 14 days after it has been deactivated. Deleting a guest account cannot be undone.
Function account
A function account is used to access the account's email box to be able to handle email for a specific function, the email box's calendar for a calendar on Lnu.se or, if necessary, other functions.
All employees at Linnaeus University can order a function account. The orderer becomes the owner of the function account.
Period of validity - Function account
The validity period is set to the same date as the owner's staff account. Decisions to extend the validity of the account are made by the account owner.
Disable - Function account
Function accounts are deactivated in agreement with the owner. Before the owner's personnel account is disabled, the IT Office checks the status of the function account.
Before a function account is disabled, the owner of the account is responsible for utilizing the data in the account.
Removal - Function account
Function accounts are deleted by the IT Office no earlier than 90 days after they have been disabled. Deletion of a function account cannot be undone.
Using function accounts to log in to computers and services
In order to guarantee traceability of all information published by Linnaeus University on the Internet (SUNET's rules), function accounts must not be used to log in to Linnaeus University's services and computers.
Administrator account
An administrator account is a complement to a staff account that can be ordered by the department head when an employee needs to be able to administrate services and systems that are normally administered by IT.
To ensure high security in central systems, it is the IT Office that makes the assessment of what training and what routines are needed to be assigned an administrator account.
An administrator account requires a signed extended user agreement.
Period of validity - Administrator account
The validity period is set to the date according to the order, but can never have a longer validity period than on the staff account. If the account owner is on leave of absence from Linnaeus University or the department/unit the account was ordered from, the account must be disabled immediately.
The head of department/unit or department head is responsible for ensuring that information on leave of absence is communicated to the IT Office. Decisions on extension of validity or disabling of the administrator account are made by the IT Office after information from the department head.
Disable - Administrator account
Administrator accounts are disabled when the account's end date has passed or when the person terminates their employment at Linnaeus University.
Before an administrator account is deactivated, the account owner is responsible for utilizing the data in the account.
Removal - Administrator account
Administrator accounts that have been disabled for 90 days or longer are deleted by the IT Office. Deleting an administrator account cannot be undone.
Service account
A service account is used for equipment that needs to be able to authenticate against any service or system and is not used by a person for login.
Order of a service account must be received from the owner of the service or system, alternatively, head of department at the respective department/unit. The owner of a service account is the person according to the order.
Period of validity - Service account
Validity of a service account is set to the date according to the order received. Decisions on extensions are made by the head at the respective department/department/unit.
Disable - Service account
Service accounts are disabled when the account´s end date has passed. If the person who owns the service account terminates their employment at Linnaeus University, the IT Office sends information to the account's contact person with a request whether the account should be extended, change owners or be disabled.
Before disabling a service account, the account owner is responsible for ensuring that the functionality of the service or system concerned is not affected when the account is disabled.
Removal - Service accountService accounts that have been disabled for 90 days or longer are deleted by the IT Office. Deleting a service account cannot be undone.
External account
External accounts are used for external people who need to access services at Linnaeus University, such as consultants and external people in learning platforms.
All employees at Linnaeus University can order an external account.
The owner of an external account is the person who will use the account, ie. the external person. Information about the Linnaeus University employee contact person must be in the account.
Period of validity - External account
The validity period of an external account is set to a maximum of 1 year. If necessary, the account is extended by a further maximum of 1 year at a time.
The account may never have a longer validity period than the contat persons staff account, in that case the contact person needs to be changed. Decisions on extending the account's validity period are made by the account's contact person.
Disable - External account
External accounts are disabled when the account end date has passed. 30 days before an external account is disabled, the IT Office sends information to the account owner that the account will be disabled.
Before an external account is disabled, the account owner or the account´s contact person, is responsible for utilizing the data in the account.
Removal - External account
External accounts that have been deactivated for 365 days or longer are deleted by the IT Office. Deletion of an external account cannot be undone.
Student account
An active student at Linnaeus University is entitled to a student account. Definition of a student who is active is a student who is admitted in Ladok and registered or re-registered for an education at Linnaeus University or who has been approved for a study break.
The student department has the possibilty to request activation/extension of an existing student account. Persins who are admitted to a commissioned education at Linnaeus University can also gain access to a student account.
Period of validity - Student account
All student accounts are time-stamped with a last validity date linked to the education the student is admitted to/registered for at Linnaeus University in Ladok.
When the student has retrieved an account, it is active for 90 days. When the student has registered for the course/program, the validity period of the account is extended.
The validity period is set at approximately 15 months after completion of studies. The date is automatically extended if the student continues his studies at Linnaeus University, and is accepted and registered in Ladok.
Disable - Student account
A student who is no longer active according to the definition above will have their student account disabled approximately 15 months after completing their studies.
Before a student account is disabled, the IT Office sends information to the student that the account will be disabled. This takes place 30 days before disabling. Before disabling a student account, the student is is responsible for utilizing the data in the account.
If a student account is disabled due to a disciplinary sanction in accordance with Chapter 10 of the Higher Education Ordinance, the account is disabled three days after Linnaeus University's disciplinary committee has notified its decision to the student in question. No system connected to the student account may ignore a disabling due to disciplinary action.
Removal - Student account
Student accounts that have been disabled for 365 days are deleted by the IT Office. Deleting a student account means deleting email, personal file storage, and cloud storage. Deletion of a student account cannot be undone.
User agreement for the use of Linnaeus University’s computer, network and system resources
This information is a accessibility adapted version of the decision document “User agreement for the use of Linnaeus University’s computer, network and system resources”.
NOTE! The text below is an exact copy from the decision document.
Here you can see the decision document in its entirety (PDF-document)
Version 1.9. 2024-05-02
The aim of Linnaeus University is to ensure that its network is as accessible as possible. Computer resources, computer networks, related equipment and accounts are owned and managed by Linnaeus University for use in operations authorized by the university.
Any other operations may only be allowed if they:
- do not disrupt the regular use of resources.
- do not constitute a breach of these regulations.
- Do not contravene the school’s regulations, Linnaeus University’s regulations, Sunet’s regulations or applicable Swedish law.
The term authorized is used in these regulations for persons who have been allocated an account, or otherwise have received permission to use Linnaeus University’s computer, network or system resources..
For authorized users, following regulations apply:
- authorization and any associated resources may only be used by the authorized account owner.
- the password associated with the user identity shall be treated as a valuable item and is personal. See separate document for more information about password rules.
- the authorization will end according to the decided account rules that can be found on Lnu.se.
The following applies to the use of Linnaeus University’s computer, network and system resources
- Sabotage or disruptive operations on the system or against other users, and unauthorized access or attempted access to the system, are strictly forbidden.
- It is not permitted to utilize wrongful configurations, programming bugs or other methods for the purpose of gaining access to more extensive system privileges or authorization other than allocated by the system owner.
Violation of the regulations will result in the following actions
- suspicion of a breach of our rules is reported to the responsible operation manager.
- the operations manager reports to the IT security organization which, in consultation with the IT manger, decides whether the matter should be escalated.
- the IT Security Coordinator reports to the Rector for further investigation.
- in order to secure the day-to-day operation, the system administrator (or someone on his/her behalf) has the right – within their area of responsibility – to monitor the university’s systems and to check traffic or data which has been stored, in case
of an incident. - in case of a well-grounded suspicion that applicable regulations have been breached, the system owner has the right to deny access to Linnaeus University’s computer, network and system resources in order to secure its operation. If the suspicion concerns a member of staff, this measure will be taken in consultation with the employee’s direct manager.
- in case of an incident which forms a serious threat to the system, the system owner has the right to immediately deny access to Linnaeus University’s computer, network and system resources in order to secure its operation.
- In case of a suspected violation of Swedish law. The authorities will report this to the police.
Applicable regulations can be found on the schools’ notice boards, or electronically on Lnu.se.
I undertake by signing this document to:
- I hereby pledge to keep up-to-date with, and follow, the regulations which are currently in force concerning the use of Linnaeus University’s computer systems. I declare that I have read and understood these regulations.
- I am aware that careless use, or failure to follow the instructions of those responsible for the systems, may result in access to the computer, network and system resources being denied. I am also aware that violations may result in legal proceedings and that any damages caused by such violations may lead to financial claims
Supplementary agreement to user agreement for use of Lnu's computer, network and system resources with extended rights
This information is a accessibility adapted version of the decision document “User agreement for the use of Linnaeus University’s computer, network and system resources”.
NOTE! The text below is an exact copy from the decision document.
Here you can see the decision document in its entirety (PDF-document)
Version 1.4.
This is a supplementary agreement to Lnu's mandatory user agreement, and extended rights refers to a person who has
higher authorization in relation to their ordinary user.
Rules
• The information to which a person with extended rights gains access within the framework of the authorization must be treated with confidentiality unless the information is needed for a specific purpose or otherwise required by law. The undersigned is aware that the information may be subject to confidentiality according to the Publicity and Secrecy Act and must therefore process such information in accordance with said law.
• The extended authorization shall only be used in such cases where it is required for a person with extended rights to be able to perform their duties.
E-mail rules for Linnaeus University
This information is a translated and accessibility adapted version of the Swedish decision document “Kontoregler för Linnéuniversitetet”.
NOTE! The text below is an exact copy from the decision document.
Here you can see the Swedish decision document in its entirety (PDF-document)
Decided by: Therése Iveby Gardell,the University director. Date: 2022-02-02. Diary number: 2022/291-1.1.1. Serial number: 4. Valid from 2022-02-03.
Decision on new e-mail rules
Linnaeus University's e-mail rules were decided in 2011 and are in need of a revision as a consequence of the account rules for Linnaeus University being revised in 2021.
E-mail rules for Linnaeus University regulate the use of an e-mail address with an associated e-mail box at Linnaeus University. An e-mail address requires a user account at Linnaeus University.
The new e-mail rules have been refined so that information about account rules regarding ordering procedures, validity periods, account types, time limits for inactivation and removal for user accounts is now only available in the account rules for Linnaeus University.
Security advisers, UK and IT have been involved in the work of developing new e-mail rules.
The case does not fall within the scope of MBL.
Appendix
- Email rules for Linnaeus University
Decision
The University director decides
to establish E-mail rules for Linnaeus University in accordance with Appendix.
This decision replaces previously made decisions on E-mail rules from 2011 (Dnr 2011/70).
Decisions in this matter have been made by University Director Therése Iveby Gardell after a written presentation by Frida Portin, Head of the IT Office.
Rules document - E-mail rules for Linnaeus University
Table of Contents
About email rules
Use of e-mail address
Employee
Student
Personal information
Information covered by confidentiality
Use of function account with associated e-mail address
About email rules
This document regulates the use of an e-mail address with an associated e-mail box at Linnaeus University.
An e-mail address requires a user account at Linnaeus University.
Everyone who receives a user account with an associated e-mail address is obliged to take part of and keep up to date on these e-mail rules.
Information about account rules regarding ordering procedures, validity periods, account types, time limits for inactivation and removal of user accounts can be found in the decided "Account rules for Linnaeus University".
Use of e-mail address
An e-mail address is a working tool used in the service or in the studies. The e-mail address represents the university and thus affects the university's reputation and brand. Responsibility for handling the e-mail in accordance with this document is personal. E-mails sent in the service must contain an official e-mail signature, according to instructions on the internal web.
Upon termination of employment or completed studies, the user account with the associated e-mail address will be inactivated and deleted according to decided time limits in "Account rules for Linnaeus University".
Employee
If an employee uses the university's e-mail address for private messages, these must be placed in a separate folder marked "Private". All e-mails at the university are covered by the principle of openness. By placing private e-mail in a special folder facilitates the possibility of being able to distinguish private e-mail from the authorities, but this does not exclude these documents from the principle of public access.
The E-mail shall be monitored regularly. In the event of a holiday or shorter absence, automatic absence message shall be used to announce the period of time during which the absence applies and to refer to an alternative e-mail address (a colleague's e-mail address or appropriate functional address). In the event of longer absence, for example during leave of absence, a decision is made on how e-mail is to be handled in consultation with the responsible manager or another designated person.
Employees who have both an e-mail address in their role as students and one in their role as staff must, in the service, use the e-mail address valid for staff.
There may be times when it is important to get access to an employee's e-mail after termination of employment. This is to prove that the university has acted correctly, e.g. against former students (examination cases). In these cases, the University has the right to access the employee's e-mail to the extent necessary.
If the user account with the associated e-mail address is inactivated due to dismissal based on misconduct, or another more serious type of offense, the user account with the associated e-mail address must be inactivated immediately. This decision is made by the vice chancellor or other authorized person. The decision must be registered. In this case, the employee cannot access the user account with the associated e-mail address.
The University has the right to access the e-mail of the person in question to a necessary extent.
Student
The e-mail address is one of the university's official contact routes for students and the student is therefore responsible for regularly monitoring the e-mail address.
The e-mail address is created when the student retrieves their user account. Where applicable, a user account is created with the associated e-mail address in advance.
If Linnaeus University decides to inactivate the user account, the account's associated e-mail address will also be inactivated.
Personal information
Employees should strive to minimize the handling of personal data via e-mail as far as possible.
Sensitive personal information should not be sent via e-mail. If an employee receives an e-mail with sensitive personal data, it is important that this is deleted after any eventual action has been taken. If the sender needs a reply, a new e-mail message should be created to reply to the sender in order to avoid the dissemination of the sensitive personal data.
Information covered by confidentiality
Information covered by confidentiality shall not be sent by e-mail.
Use of function account with associated e-mail address
Function account with associated e-mail address must be monitored regularly. Outdated function account with associated e-mail address shall be terminated. Employees who use a function account with an associated e-mail address have personal responsibility for use and handling in accordance with this document.
Password rules for Linnaeus University
Here, you as an employee, can find the decision document in swedish "Lösenordsregler för Linnéuniversitetet" (PDF-document). Not accessibility adapted.
VPN-rules for Linnaeus University
Here you can see the Swedish decision document "VPN-regler för Linnéuniversitetet" (PDF-document). Not accessibility adapted.
Rules for use of cloud services
Before an IT system that handles our data in the "cloud" - that is, the information we use in the system is stored on external servers - the university must approve both the system and how it handles data in the cloud.
Management of obsolete computers
Here you can see the Swedish decision document "Återbruka datorer och datorutrustning" (PDF-document). Not accessibility adapted.
Policy for the management of personal information within the scope of the Identity Provider (IdP) as determined by Linnaeus University
The Identity Provider performs authentication at the request of a service which Linnaeus University recognises, either via metadata provided by the SWAMID federation or because the service and Linnaeus University has a specific agreement. Depending upon the type of service involved, the purpose of the service and what relationship the service has to the Linnaeus University IdP, one or more pieces of personal data are transferred from Linnaeus University catalogue and authorization system to the requesting service. This procedure follows the General Data Protection Ordinance (GDPR). Information on the processing of personal data at Linnaeus University.
All web services have access to a unique identifier which makes it possible for the user to save preferences after logging in such that the user has access to the same preferences during a subsequent login. This unique identifier is unique to that specific service and cannot be shared or traced between different web services.
Services that are categorised in SWAMID's metadata with entity categories receive attributes in accordance with SWAMID's recommendations, see below.
Services whose primary purpose is for the benefit of research and education have access to approximately the same personal data which are automatically sent with an everyday email, that being name, email address, user identity, if the user is a student or employee (or similar active role) and that the user has an account at Linnaeus University. Registered services that via GÉANT Data Protection Code of Conduct adhere to the European Union's data protections
directives, in Sweden the Personal Data Act, get access to the same information.
Services whose purpose is for students to process admissions, course registrations, examination sign-up, degree applications, internships, grant applications, self-service account administration and for employees self-service for Linnaeus University HR-system have access to the user's
Swedish personal identity number or Swedish higher education interim personal identity number for foreigners.
Service Definition for federated Login
General description of SAML2 WebSSO
The service provides authentication of users which have an electronic identity at Linnaeus University, together with release of attributes pertaining to the authenticated user. The provider of the service/centre of learning is a member of SWAMID, the Swedish identity federation for Research and higher education. The service has been deployed in accordance with SWAMID's policy and encompassing rules and guidelines which have been laid down by SWAMID.
Policy for personal integrity
The service adheres to the policy for the handling of personal data which has been published by Linnaeus University in accordance with Swedish law.
The service and limitations of service
Linnaeus University undertakes to guarantee the availability of the service in accordance with Linnaeus University's requirements and expectations.
Linnaeus University follows SWAMID's recommendations for release of attributes based upon entity categories. Linnaeus University reserves the right to change the actually released attributes, having communicated such with a service provider, regardless of the recommendations from SWAMID concerning the entity category the service provider has been placed in.
Service and support
Questions and faults regarding Linnaeus University and it's SAML2 WebSSO service should be directed to the following local support channels:
Phone: 0480- 44 67 00
Email: it-support@lnu.se
Web: IT-support for employees